
Unknown Virus Blocking antivirus websites.


  • This topic is locked
4 replies to this topic

#1 gibson638

gibson638

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:54 PM

Posted 04 July 2009 - 09:41 AM

I have an unknown virus. I have run malwarebytes, comodo (but it cannot update) and a few others. All antivirus websites are blocked, as well as microsoft.com. Tried cleaning out the Hosts file, but there wasn't anything there. Also looked at LMhosts file and it was apparently clean too.

It appears that programs are being downloaded, comodo is blocking them, but I cannot figure out what is going on.

Thank you for your help.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Tom at 7:31:13.97 on Sat 07/04/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1015 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\Windows\explorer.exe
C:\Users\Tom\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: thenervedoctor.com\sharepoint
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {90B80194-1F6A-4CF3-9B65-3A37CEA8764D} = 156.154.70.22,156.154.71.22
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\windows\system32\guard32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\d3lyz30n.default\
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\users\tom\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-03 22:25 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-07-03 22:25 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-07-03 22:25 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-07-03 22:25 75,264 a------- c:\windows\system32\unacev2.dll
2009-07-03 22:25 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-07-03 22:25 <DIR> --d----- c:\programdata\Simply Super Software
2009-07-03 22:25 <DIR> --d----- c:\progra~2\Simply Super Software
2009-07-03 22:25 <DIR> --d----- c:\users\tom\appdata\roaming\Simply Super Software
2009-07-03 22:25 <DIR> --d----- c:\program files\Trojan Remover
2009-07-03 17:16 0 a------- C:\backup.reg
2009-07-03 17:14 471,876 a------- C:\zip.exe
2009-07-03 17:14 574 a------- C:\cleanup.bat
2009-07-03 11:34 <DIR> --d----- c:\program files\Trend Micro
2009-07-03 11:23 338,944 a------- c:\windows\system32\cmd.execf
2009-07-03 11:11 <DIR> --d----- c:\users\tom\appdata\roaming\Malwarebytes
2009-07-03 11:10 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 11:10 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-03 11:10 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-03 11:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 11:10 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-03 09:57 175,104 a------- c:\windows\PEV.exe
2009-07-03 09:57 119,296 a------- c:\windows\sed.exe
2009-07-03 09:57 338,944 a------- c:\windows\system32\CF4336.exe
2009-07-03 09:46 130 a------- c:\windows\cfplogvw.INI
2009-07-03 07:54 <DIR> --d----- c:\programdata\Comodo
2009-07-03 07:54 <DIR> --d----- c:\progra~2\Comodo
2009-07-03 07:54 183,912 a------- c:\windows\system32\guard32.dll
2009-07-03 07:54 128,888 a------- c:\windows\system32\drivers\cmdguard.sys
2009-07-03 07:54 29,520 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-07-02 17:29 914 a------- c:\windows\system32\critical_warning.html
2009-07-02 16:51 186,704 a------- c:\windows\system32\drivers\sfi.dat
2009-07-02 14:32 <DIR> --d----- c:\program files\COMODO
2009-07-02 12:31 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-07-02 06:44 <DIR> --d----- c:\program files\common files\xing shared
2009-07-02 06:30 <DIR> --d----- c:\program files\common files\Real
2009-07-02 06:23 <DIR> --d----- c:\programdata\Symantec
2009-07-02 06:23 <DIR> --d----- c:\progra~2\Symantec
2009-07-02 06:18 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-07-02 06:18 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-07-02 06:18 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-02 06:18 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-07-02 06:18 <DIR> --d----- c:\program files\common files\PC Tools
2009-07-02 06:18 <DIR> --d----- c:\users\tom\appdata\roaming\PC Tools
2009-07-02 06:18 <DIR> --d----- c:\programdata\PC Tools
2009-07-02 06:18 <DIR> --d----- c:\progra~2\PC Tools
2009-07-02 06:18 <DIR> --d----- c:\program files\Spyware Doctor
2009-07-02 06:16 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-07-01 15:12 <DIR> --d----- c:\programdata\Google Updater
2009-06-29 20:32 <DIR> --d----- c:\program files\Adolix
2009-06-29 14:34 2,335,270 a------- c:\windows\system32\6198748.mht
2009-06-29 14:33 2,335,270 a------- c:\windows\system32\398667F.mht
2009-06-29 14:14 <DIR> --d----- c:\program files\Sophos
2009-06-24 22:33 <DIR> --d----- c:\programdata\TuneClone
2009-06-24 22:33 <DIR> --d----- c:\progra~2\TuneClone
2009-06-21 13:56 <DIR> --d----- C:\My Music
2009-06-21 05:06 <DIR> --d----- c:\users\tom\appdata\roaming\Audio Recorder Titanium
2009-06-17 22:26 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-06-17 21:17 <DIR> --d----- c:\users\tom\appdata\roaming\uTorrent
2009-06-17 05:48 <DIR> --d----- c:\users\tom\appdata\roaming\Smart Audio Editor
2009-06-16 21:22 <DIR> --d----- c:\programdata\MySQL
2009-06-16 21:22 <DIR> --d----- c:\program files\MySQL
2009-06-16 21:22 <DIR> --d----- c:\progra~2\MySQL
2009-06-16 21:20 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-13 10:01 281 a------- c:\windows\EReg072.dat
2009-06-13 09:50 <DIR> --d----- c:\program files\Maxis
2009-06-13 09:47 <DIR> --d----- c:\program files\BitTorrent
2009-06-13 09:43 <DIR> --d----- c:\programdata\Intellectual Reserve
2009-06-13 09:43 <DIR> --d----- c:\progra~2\Intellectual Reserve
2009-06-13 09:39 <DIR> --d----- c:\program files\Intellectual Reserve
2009-06-12 21:34 245 a------- c:\windows\system32\PSUNCpl.dat
2009-06-12 21:34 <DIR> --d----- c:\program files\Panda Security
2009-06-10 09:02 <DIR> --d----- c:\program files\Woopra
2009-06-10 07:52 309 a------- c:\windows\osiris.ini
2009-06-10 07:52 324,608 a------- c:\windows\IsUninst.exe
2009-06-09 07:14 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-09 07:14 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-09 07:14 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-09 07:04 <DIR> --d----- c:\windows\system32\SPReview
2009-06-09 06:46 928,768 a------- c:\windows\system32\scavenge.dll
2009-06-09 06:45 78,336 a------- c:\windows\system32\compcln.exe
2009-06-09 06:43 724,992 a------- c:\windows\system32\PhotoScreensaver.scr
2009-06-09 06:42 75,264 a------- c:\windows\system32\drivers\dfsc.sys
2009-06-09 06:41 759,296 a------- c:\windows\system32\ipsecsnp.dll
2009-06-09 06:40 1,689,600 a------- c:\windows\system32\wscui.cpl
2009-06-09 06:35 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-04 17:31 25,280 a------- c:\windows\system32\drivers\hamachi.sys

==================== Find3M ====================

2009-07-03 07:56 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-03 07:56 143,360 a------- c:\windows\inf\infstor.dat
2009-07-03 07:56 86,016 a------- c:\windows\inf\infpub.dat
2009-06-10 13:39 5,465,088 a------- c:\program files\Fresh RAM.msi
2009-06-09 07:14 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 05:15 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 05:14 623,616 a------- c:\windows\system32\localspl.dll
2009-04-21 04:39 2,034,688 a------- c:\windows\system32\win32k.sys
2009-04-10 23:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-10 23:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-10 23:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-10 23:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-10 23:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-10 23:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-10 23:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-10 23:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-10 23:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-10 23:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-10 23:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-10 23:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-10 23:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-10 23:27 546,816 a------- c:\windows\system32\RMActivate_isv.exe
2009-04-10 23:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-10 23:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-10 22:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-10 22:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 21:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-10 21:55 2,048 a------- c:\windows\system32\mferror.dll
2009-04-10 21:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-10 21:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-10 21:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-10 21:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 18:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2008-11-03 19:20 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 7:33:45.82 ===============



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:04:54 AM

Posted 09 July 2009 - 12:37 AM

Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER to GAMERS.
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans, as it may interfere with the output results.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 gibson638

gibson638
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:54 PM

Posted 09 July 2009 - 02:36 PM

I am unable to log in to Vista at the moment. It might be too late... Hopefully I can figure out how to get back into it. Safe Mode doesn't even work.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:04:54 AM

Posted 09 July 2009 - 10:20 PM

Do you have the Vista CD?



#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:04:54 AM

Posted 20 July 2009 - 04:09 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.
